5

I have a requirement for our application where we need to implement Spring SAML within our app to enable federated SSO for one customer. However, we need to maintain the existing login flow using spring-security for other customers.

So my question is: can we have two security mechanisms for a web application so that it will be treated as multi-tenancy?

Can I implement OAuth and SAML in the same application?

Thanks in advance.

ManojP

1 Answer

3

Yes, you can combine your existing password authentication with SAML. See the sample application of Spring SAML for details - it contains both of the methods combined. It is also possible to include OAuth use-cases, but I'm not aware of any guide for it.

Vladimír Schäfer
  • In that case, how to decide which one to use? Do I need to give a separate URL pattern for SAML? – ManojP Mar 13 '15 at 10:14
  • You either POST username/password to e.g. /j_spring_security_check, start SAML authentication by redirect to /saml/login, or receive SAML assertion from IDP (through IDP-initialized SSO) to /saml/SSO. Spring Security will in any case involve your UserDetailService implementations, where you can do some filtering/user processing, and in all cases you'll end up with an Authentication object with user details. – Vladimír Schäfer Mar 13 '15 at 13:13
  • Does anyone have a working example or a link? I have the sample application up and running, but it has an interceptor /** and is redirecting everything to the IDP. And I cannot for the life of me find the example you speak of in the documentation. – mmaceachran Aug 21 '16 at 17:23
  • https://github.com/spring-projects/spring-security-saml/blob/master/sample/src/main/webapp/WEB-INF/securityContext.xml – Vladimír Schäfer Aug 21 '16 at 23:46
  • /saml/web/* is using form-based login – Vladimír Schäfer Aug 21 '16 at 23:47
  • @VladimírSchäfer I have a similar problem in a Spring Boot app; please have a look at this post: https://stackoverflow.com/q/61182738/11421611 and guide me on where I need to fit the logic to redirect the user to saml/login based on the username entered. – chirag soni Apr 24 '20 at 12:34
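
A configuration sketch of the URL-pattern split discussed in the comments above, added here as an example and not taken from the Spring SAML sample or from any poster. It assumes the `samlEntryPoint`, `samlFilter` and `samlAuthenticationProvider` beans are already defined as in a usual Spring SAML setup; the `/local/**` paths and the `localUserDetailsService` bean are hypothetical names.

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- Chain 1: password login for existing customers (hypothetical /local/** area).
       Declared before the catch-all chain, because the first matching pattern wins. -->
  <security:http pattern="/local/**" use-expressions="false">
    <security:form-login login-page="/local/login-form"
                         login-processing-url="/local/login"
                         default-target-url="/local/home"/>
    <security:intercept-url pattern="/local/login-form"
                            access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <security:intercept-url pattern="/local/**" access="IS_AUTHENTICATED_FULLY"/>
  </security:http>

  <!-- Chain 2: everything else. Unauthenticated requests are sent to the IdP by
       samlEntryPoint; samlFilter is assumed to handle /saml/login and /saml/SSO.
       Both beans are assumed to be defined elsewhere in the context. -->
  <security:http entry-point-ref="samlEntryPoint" use-expressions="false">
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
    <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
  </security:http>

  <!-- One manager, two providers: SAML assertions go to samlAuthenticationProvider,
       username/password tokens to the provider backed by localUserDetailsService.
       That hypothetical bean is the place to reject password logins for accounts
       that belong to the federated customer. -->
  <security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="samlAuthenticationProvider"/>
    <security:authentication-provider user-service-ref="localUserDetailsService"/>
  </security:authentication-manager>
</beans>
```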